Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

12/18/2014
03:50 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Bad Bots On The Rise

Humans remain outnumbered by bots online, new data shows.

The number of bots roaming the Net dropped this year, but the population of malicious bots has grown.

The overall population of bots, good and bad, dropped by more than 5% over 2013, according to a study published today. Bad bots that wage distributed denial-of-service (DDoS) attacks, commit click and ad fraud, scan for vulnerable targets, and spy, for instance, increased by as much as 15%.

Bots still outnumber humans online, accounting for 56% of Internet traffic versus humans at 44%. And bad or malicious bots account for more traffic than good bots, with 29% of a site's traffic. Good bots represent 27% of site visits.

"The sophistication of bad bots has increased," says Marc Gaffan, CEO and co-founder of Incapsula, whose firm for the second year in a row has seen more bots than real people inhabiting the Net. Bots are user machines infected by malware to do the bidding of the attacker. Incapsula calls the more sophisticated DDoS, ad fraud, and malicious scanning bots "impersonators," because they try to appear as legitimate users.

"The bar for creating bad bots has risen a bit. The ones out there are a lot more dangerous," Gaffan says.

Bots don't discriminate when it comes to site size: About one in three visitors to any size website is a malicious bot, according to the report. The data comes from a sampling of 15 billion human and bot visits over a 90-day period on 20,000 websites worldwide. Each site had a minimum of 10 human visitors per day.

The malicious bot threat has been an increasing problem. A bot is born in an organization about every 24 hours, according to a recent CheckPoint Software study, which found that three-fourths of enterprises have at least one bot-infected endpoint in-house. The percentage of organizations found with bots jumped from 63% in 2012 to 73% in 2013, the study found.

Aside from DDoS and other duped bots, there's a heavy population of bots recruited to perform ad fraud today. A recent study by the Association of National Advertisers and WhiteOps found that advertisers are losing $6.3 billion to $10 billion per year of ad revenue to fraud, thanks to the epidemic of phony ad traffic perpetrated by bots. From Aug. 1 to Oct. 1, WhiteOps researchers studied and analyzed the digital advertising traffic of a who's who of 36 US major corporations from various industries -- all ANA members -- including Ford, Honda, General Mills, Lilly, MasterCard, Merk, MillerCoors, Home Depot, Verizon, Walmart, and Wendy's.

"Incapsula's data reflects the reality that because you're receiving traffic doesn't mean it's a pair of human eyeballs on the other side. Sometimes it's a machine," says Dan Kaminsky, chief scientist with WhiteOps.

Bots are becoming more human-like and camouflaged, Kaminsky says, because the web has gotten more complicated. "As the web has gotten more complicated, so too have the bots."

Bad guys amass bots to do their dirty work because there's little risk for high financial gain, he says. "This is a criminal mechanism that generates money with no risk."

So what's the difference between an old-school bad bot and an impersonator bot? Gaffan says old-school bots are easier to spot, and their numbers will continue to dwindle in favor of the more sophisticated impersonator bots, some of which impersonate good, trusted bots.

The good/legitimate bot population is shrinking mainly due to a decline in RSS services, according to the Incapsula report.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9008
PUBLISHED: 2020-02-25
Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.
CVE-2020-9018
PUBLISHED: 2020-02-25
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user.
CVE-2020-9019
PUBLISHED: 2020-02-25
The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description.
CVE-2020-9391
PUBLISHED: 2020-02-25
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been ...
CVE-2020-8793
PUBLISHED: 2020-02-25
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.